Capital One Data Breach Linked to Insider Threat; SAP NS2’s Mark Testoni Quoted

Mark Testoni, President and CEO of SAP National Security Services

A data breach at Capital One Financial compromised the personal information of more than 100M U.S. and Canadian customers and credit card applicants, the Wall Street Journal reported Wednesday.

According to a federal criminal complaint, the breach involved a former Amazon Web Services employee who used a misconfigured firewall to break into the bank’s systems and access the customers’ sensitive data.

Among the compromised personal data were names, dates of birth, addresses, credit scores, payment history, Social Security numbers and bank account numbers. Approximately 80K account numbers and 140K Social Security numbers were exposed in the hacking incident.

Capital One said it expects to incur $100M to $150M in costs to remediate the breach.

“Insider threats are big concerns for companies and when you combine them with the talent of an engineer like this, it’s really concerning,” said Mark Testoni, CEO of SAP National Security Services and a 2019 Wash100 winner. “That is tough to prepare for because they’re more sophisticated than other insiders may be.”

Check Also

StackRox

StackRox to Help Secure Cloud-Based Financial Infrastructure Under DHS Contract

StackRox has received a contract from the Department of Homeland Security to help a large U.S. financial services provider  protect cloud-based applications through the implementation of a Kubernetes and container security platform.

NDP

Space Force Taps Net-Centric for Battlespace Awareness Center Support

Boulder, Colo.-based engineering company Net-centric Design Professionals has secured a two-year, $28.6M contract from the U.S. Air Force to support the Overhead Persistent Infrared Battlespace Awareness Center at Buckley Air Force Base.

DARPA

DARPA Seeks Security Tech for Internet of Things Devices Under CHARIOT Program

The Defense Advanced Research Projects Agency has asked industry to submit research concepts for “revolutionary security technologies” that can help protect the increasing number of internet of things-based devices.